EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Technology
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
• EASM
• Common mistakes
• Hacker perspective

GET /EASM HTTP/2
• What exactly is EASM?
• What does it cover?
• Why is it important?

GET /common_mistakes HTTP/2
• Lack of Change Management
• Not respecting Least Privilege
• Misconfigured WAFs
• Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and